ClawCo

Concepts

Core concepts behind ClawDNA — how identity files, bundles, sync, and environments work together to keep your agent's personality safe and portable.

Identity Files

ClawDNA manages the files that define your agent's identity. These are what make your agent yours — ClawDNA versions and syncs them so they never drift or get lost.

FilePurpose
SOUL.mdPersonality, values, and behavioral rules
AGENTS.mdWorkspace conventions and operating rules
IDENTITY.mdHow the agent presents itself
MEMORY.mdAccumulated knowledge about the user
TOOLS.mdInstalled skills and tool configurations
USER.mdUser-specific context and preferences

The .dna Bundle

A snapshot produces a .dna bundle: a compressed tarball (.tar.gz) containing all identity files plus a manifest with metadata. Bundles are the unit of sync — they get pushed to and pulled from the hub.

Bundle Structure

openclaw-backup-2026-03-15T14-22-00-pedro-main.dna
├── manifest.json              # Bundle metadata
├── identity/
│   ├── SOUL.md
│   ├── AGENTS.md
│   ├── IDENTITY.md
│   ├── TOOLS.md
│   ├── USER.md
│   └── MEMORY.md
├── skills/
│   ├── crm-connector/
│   │   └── SKILL.md
│   └── calendar-sync/
│       └── SKILL.md
├── config/
│   └── openclaw.sanitized.json  # Secrets removed
└── claw.dna.yaml              # Platform-agnostic export

Manifest

Every bundle contains a manifest.json with metadata: bundle ID, agent ID, environment ID, timestamps, OpenClaw version, Node version, platform, and SHA-256 hashes for every included file.

The claw.dna.yaml Format

The canonical, platform-agnostic identity definition. Human-readable and version-controlled. 

# claw.dna.yaml — ClawDNA Identity Definition v1
version: "1"

identity:
  id: "pedro-main"
  name: "ClawBot"

files:
  soul: "./SOUL.md"
  agents: "./AGENTS.md"
  identity: "./IDENTITY.md"
  tools: "./TOOLS.md"
  user: "./USER.md"
  memory: "./MEMORY.md"

config:
  model: "anthropic/claude-sonnet-4-6"

environments:
  primary:
    config:
      model: "anthropic/claude-opus-4-6"
    channels:
      telegram:
        bot_token: "$TELEGRAM_PRIMARY_BOT_TOKEN"

sync:
  hub: "clawdna-cloud"
  auto_push: true

Secrets are never stored inline — always use $ENV_VAR references. ClawDNA resolves these at runtime from your environment.

Sync Protocol

The sync protocol tracks state per environment-hub pair. Each side maintains a content hash (SHA-256 of all identity files).

Protocol States

StateMeaningAction
SYNCEDLocal hash == hub hashNo action needed
AHEADLocal has unpushed changesPush available
BEHINDHub has changes not pulledPull available
DIVERGEDBoth sides changed since last syncConflict resolution required
UNKNOWNNo sync state recordedFirst sync required

Push Flow

  1. Collect identity files
  2. Run secrets sanitizer — abort if violations found
  3. Compute local hash (SHA-256 of all identity file contents)
  4. Fetch current hub hash and compare
  5. Create sanitized bundle
  6. Upload bundle to hub
  7. Update hub manifest and local sync state
  8. Notify registered webhooks (non-blocking)

Pull Flow

  1. Fetch hub manifest (latest hash, timestamp, env attribution)
  2. Compute local hash and compare
  3. Download latest bundle
  4. Compute diff (local vs bundle)
  5. Show diff for user confirmation (unless --quiet)
  6. Apply bundle to local workspace (identity files only)
  7. Never overwrite: .env, credentials, sessions, local-only files
  8. Update local sync state

Environments

An environment represents one instance of your agent running on a specific machine. Each environment has a role that determines its sync behavior.

RoleDescription
primarySource of truth. Changes here are pushed to the hub and pulled by replicas.
replicaPulls identity from the primary. Can have local config overrides (different channels, model).
forkIndependent copy. Started from a primary's identity but diverges freely.

Environment profiles are stored locally at ~/.clawdna/envs/<env-id>.profile.yaml and are never synced. They contain secret references, sync role, and local path overrides.

Memory Distillation

Over time, your agent accumulates session memory — facts about the user, preferences, conversation context. Memory distillation uses an LLM to classify these entries as:

  • Core — permanent facts that should persist in MEMORY.md (e.g., "user prefers dark mode")
  • Ephemeral — session-only context that should expire (e.g., "user is debugging a React component")

Core facts are promoted to MEMORY.md and synced to all environments. Ephemeral entries are discarded. This keeps your agent's memory focused and prevents context bloat.

Secrets Sanitization

Every push, export, and distillation operation passes through a secrets sanitizer before any data leaves the machine. The sanitizer detects:

  • API key patterns (OpenAI, Anthropic, Telegram, Discord)
  • Bearer tokens and JWTs
  • Private key headers
  • Custom patterns defined in ~/.clawdna/.secretsignore

If a secret is found in any identity file, the operation is aborted with a clear error. This is a hard gate — it cannot be bypassed without the explicit --force-unsafe flag.